# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
#
# Host foo
#   HostName ns1.fizz.buzz
#   Port 65122
#   User nixworker
#   IdentitiesOnly yes
#   IdentityFile /persist/manual/ssh/root/keys/id_ed25519
#
# Host *
#   Compression yes
#
# That ssh config belongs on the machine that dispatches builds, not on the
# worker. The private key named by IdentityFile has to match one of the public
# keys in openssh.authorizedKeys.keys below. Because the worker account is a
# Nix trusted user, protect that private key as you would a root credential
# for the worker.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib)
    mkIf
    mkMerge
    mkOption
    types
    ;

  # This module's own option subtree.
  cfg = config.me.nix_worker;
in
{
  imports = [ ];

  # Opt-in switch; nothing below is applied unless it is set to true.
  options.me.nix_worker.enable = mkOption {
    type = types.bool;
    default = false;
    example = true;
    description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
  };

  config = mkIf cfg.enable (mkMerge [
    {
      # SECURITY: trusted-users may override daemon settings and import store
      # paths without a trusted signature. The Nix manual describes this as
      # essentially equivalent to root access, so every credential accepted
      # for "nixworker" below is root-equivalent on this machine.
      nix.settings.trusted-users = [ "nixworker" ];

      users = {
        # Dedicated primary group for the build account.
        groups.nixworker = { };

        users.nixworker = {
          isNormalUser = true;
          createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
          group = "nixworker";
          # extraGroups = [ "wheel" ];

          # Generate with `mkpasswd -m scrypt`
          # NOTE(review): an inline hash is copied into the world-readable Nix
          # store and lives in version control, so it is open to offline
          # guessing. hashedPasswordFile keeps it out of the store. Whether
          # this password can be used over SSH depends on the sshd settings,
          # which this file does not show. Confirm password login is disabled
          # for this account.
          hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";

          # Every key listed here can log in as the trusted build user. Keep
          # the list minimal and remove keys that are no longer in use.
          openssh.authorizedKeys.keys = [
            # Normal keys:
            # (the sk-ssh-ed25519@openssh.com entries are FIDO security-key backed)
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
            # Key for nix to connect:
            # NOTE(review): presumably the public half of the IdentityFile in
            # the header example, which is read unattended. Confirm, and
            # consider limiting it with authorized_keys options such as
            # `restrict`.
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
          ];
        };
      };
    }
  ]);
}